npm - @oculum/scanner - Versions diffs - 1.0.12 → 1.0.13 - Mend

@oculum/scanner 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (961) hide show

package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/index.d.ts +17 -64
package/dist/index.d.ts.map +1 -1
package/dist/index.js +49 -1034
package/dist/index.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +1 -8
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +4 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +50 -1
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +2 -2
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +10 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +15 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +3 -3
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +2 -2
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +312 -4
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +37 -49
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -3
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +2 -2
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +23 -3
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +17 -5
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +8 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +8 -4
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +20 -4
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +7 -3
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +7 -3
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +18 -3
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +25 -3
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +7 -3
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +7 -3
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +6 -2
package/src/{layer1 → detect/config}/file-flags.ts +9 -3
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +12 -5
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +7 -2
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +8 -3
package/src/{layer1 → detect/secrets}/entropy.ts +23 -11
package/src/{layer1 → detect/secrets}/index.ts +31 -30
package/src/{layer1 → detect/secrets}/patterns.ts +10 -3
package/src/{layer1 → detect/secrets}/weak-crypto.ts +7 -2
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +23 -11
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +47 -24
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +2 -2
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +1 -1
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/utils/control-flow.ts +2 -2
package/src/{layer2 → detect/structural}/data-exposure.ts +11 -3
package/src/{layer2 → detect/structural}/framework-checks.ts +10 -11
package/src/{layer2 → detect/structural}/index.ts +80 -77
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +13 -5
package/src/{layer2 → detect/structural}/risky-imports.ts +7 -3
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +7 -3
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +39 -1291
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +54 -0
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +5 -5
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts +1 -1
package/src/{filtering → postprocess/filtering}/context-adjustments.ts +2 -2
package/src/{filtering → postprocess/filtering}/pipeline.ts +2 -2
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/{formatters → report/formatters}/ai-context.ts +1 -1
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +1 -1
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/{formatters → report/formatters}/ide/claude-code.ts +1 -1
package/src/{formatters → report/formatters}/ide/cursor.ts +1 -1
package/src/{formatters → report/formatters}/ide/windsurf.ts +1 -1
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +15 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/{category-filter.ts → shared/category-filter.ts} +1 -1
package/src/{utils → shared}/code-analysis.ts +1 -1
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/{types.ts → shared/types.ts} +22 -5
package/src/tiers.ts +18 -1
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +0 -0
/package/src/{utils → model}/route-hierarchy.ts +0 -0
/package/src/{filtering → postprocess/filtering}/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{formatters → report/formatters}/__tests__/ai-context.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/__tests__/ide.test.ts +0 -0
/package/src/{formatters → report/formatters}/ide/index.ts +0 -0
/package/src/{formatters → report/formatters}/index.ts +0 -0
/package/src/{utils → shared}/__tests__/code-analysis.test.ts +0 -0
/package/src/{utils → shared}/__tests__/parsed-file.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/__tests__/manager.test.ts +0 -0
/package/src/{ai-context → shared/ai-context}/index.ts +0 -0
/package/src/{ai-context → shared/ai-context}/manager.ts +0 -0
/package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/comment-analyzer.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/environment-context.ts +0 -0
/package/src/{utils → shared}/intent-detector.ts +0 -0
/package/src/{utils → shared}/parsed-file.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{utils → shared}/schema-semantics.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/dist/detect/structural/dangerous-functions/utils/helpers.js ADDED Viewed

@@ -0,0 +1,147 @@
+"use strict";
+/**
+ * General Helper Utilities
+ *
+ * Small utility functions used across the dangerous functions detection module.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLineContent = getLineContent;
+exports.getLineRange = getLineRange;
+exports.hasOnlyStaticInputs = hasOnlyStaticInputs;
+exports.hasPathTraversalProtection = hasPathTraversalProtection;
+exports.hasThrowingAuthHelper = hasThrowingAuthHelper;
+/**
+ * Get a specific line from content by line number (0-indexed)
+ */
+function getLineContent(content, lineNumber) {
+    const lines = content.split('\n');
+    return lines[lineNumber] || '';
+}
+/**
+ * Get a range of lines from content
+ */
+function getLineRange(content, startLine, endLine) {
+    const lines = content.split('\n');
+    const start = Math.max(0, startLine);
+    const end = Math.min(lines.length, endLine);
+    return lines.slice(start, end).join('\n');
+}
+/**
+ * Check if eval/exec/Function has only static literal inputs (no user data)
+ * Static inputs like eval('({ mode: "production" })') are low risk
+ *
+ * Returns true ONLY if the argument is a string literal (not a variable)
+ */
+function hasOnlyStaticInputs(lineContent, content, lineNumber) {
+    // Check if the argument to eval/exec/Function is a string literal ONLY
+    // If it's a variable, it's NOT static (could come from anywhere)
+    //
+    // String literal patterns:
+    // - Single quotes: 'content with "double quotes" inside' (no $ interpolation)
+    // - Double quotes: "content" (no $ interpolation)
+    // - Backticks without ${}: `content` (template literal but no interpolation)
+    //
+    // Note: We allow quotes INSIDE the string (e.g., 'text "with" quotes')
+    // but NOT $ (which would indicate interpolation)
+    const staticPatterns = [
+        // Single-quoted string: eval('...') - can contain anything except single quotes and $
+        /eval\s*\(\s*'[^'$]*'\s*\)/,
+        // Double-quoted string: eval("...") - can contain anything except double quotes and $
+        /eval\s*\(\s*"[^"$]*"\s*\)/,
+        // Backtick without interpolation: eval(`...`) - must not have ${ inside
+        /eval\s*\(\s*`[^`$]*`\s*\)/,
+        // Function constructor with string literal
+        /new\s+Function\s*\(\s*'[^'$]*'\s*\)/,
+        /new\s+Function\s*\(\s*"[^"$]*"\s*\)/,
+        // execSync with string literal
+        /execSync\s*\(\s*'[^'$]*'\s*\)/,
+        /execSync\s*\(\s*"[^"$]*"\s*\)/,
+        // exec with string literal
+        /exec\s*\(\s*'[^'$]*'/,
+        /exec\s*\(\s*"[^"$]*"/,
+    ];
+    // Only return true if it matches a static pattern (string literal)
+    // If it's a variable like eval(code), we can't assume it's static
+    return staticPatterns.some(p => p.test(lineContent));
+}
+/**
+ * Check if path traversal protection is in place
+ * Looks for common sanitization patterns that prevent directory traversal attacks
+ */
+function hasPathTraversalProtection(context, lineContent) {
+    const protectionPatterns = [
+        // Path normalization with base directory check (same line)
+        /path\.resolve\s*\([^)]+\).*\.startsWith\s*\(/i,
+        // startsWith check with common safe directory variable names
+        /\.startsWith\s*\([^)]*(?:baseDir|basePath|rootDir|uploadDir|allowedDir|safeDir|SAFE_)/i,
+        // MULTI-LINE PATTERN: path.resolve followed by startsWith check in context
+        // This handles the common case where resolve and startsWith are on separate lines:
+        //   const resolved = path.resolve(baseDir, userPath)
+        //   if (!resolved.startsWith(baseDir)) throw new Error()
+        // We check for BOTH patterns being present in the context
+        // (handled below as combined check)
+        // Explicit ".." rejection
+        /\.includes\s*\(\s*['"`]\.\.['"`]\s*\)/i,
+        /\.indexOf\s*\(\s*['"`]\.\.['"`]\s*\)/i,
+        /['"`]\.\.['"`].*(?:throw|reject|return|error)/i,
+        // Replace ".." pattern (sanitization)
+        /\.replace\s*\([^)]*\\?\.\\?\.\s*[^)]*,\s*['"`]['"`]\s*\)/i,
+        // Path sanitization libraries
+        /sanitizePath|sanitizeFilename|sanitize-filename/i,
+        /path-sanitizer|secure-path/i,
+        // Explicit path validation
+        /validatePath|isValidPath|checkPath|verifyPath/i,
+        /isPathAllowed|isAllowedPath|pathIsAllowed/i,
+        // Normalize and check pattern
+        /path\.normalize\s*\([^)]+\).*(?:startsWith|includes|indexOf)/i,
+        // Regex validation for safe characters only
+        /\/\^?\[a-zA-Z0-9_\-\.\\\/\]\+\$?\//, // Only alphanumeric, dash, underscore, dot
+        // Allowlist/whitelist patterns
+        /allowedExtensions|allowedTypes|whitelist/i,
+        /\.endsWith\s*\(\s*['"`]\.\w+['"`]\s*\)/i, // Extension check
+        // Path.basename to strip directory
+        /path\.basename\s*\(/i,
+        // Zod/validation for filename patterns
+        /z\.string\s*\(\s*\)\.regex\s*\(/i,
+    ];
+    // Check single-line patterns
+    if (protectionPatterns.some(p => p.test(context) || p.test(lineContent))) {
+        return true;
+    }
+    // Multi-line pattern: path.resolve + startsWith check on separate lines
+    // This is a very common secure pattern:
+    //   const resolved = path.resolve(safeBaseDir, userInput)
+    //   if (!resolved.startsWith(safeBaseDir)) { throw ... }
+    const hasPathResolve = /path\.resolve\s*\(/i.test(context);
+    const hasStartsWithCheck = /\.startsWith\s*\(/i.test(context);
+    const hasThrowOnFailure = /(throw|return|reject)\s+.*(error|invalid|denied)/i.test(context);
+    if (hasPathResolve && hasStartsWithCheck && hasThrowOnFailure) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if route has throwing auth helper (getCurrentUserId, requireAuth, etc.)
+ * Routes with throwing auth helpers are already protected
+ */
+function hasThrowingAuthHelper(content) {
+    const throwingAuthPatterns = [
+        /\bgetCurrentUserId\s*\(/i,
+        /\brequireAuth\s*\(/i,
+        /\bensureAuth\s*\(/i,
+        /\bauth\s*\(\s*\)\s*\.protect\s*\(/i, // Clerk: auth().protect()
+        /\bcurrentUser\s*\(\s*\)/i, // Clerk: currentUser()
+        /\bgetServerSession\s*\([^)]*\)/i, // NextAuth
+        /\bauth\s*\(\s*\)/i, // Generic auth() call
+        /\bcheckAuth\s*\(/i,
+        /\bverifyAuth\s*\(/i,
+        /\bvalidateAuth\s*\(/i,
+        /\bassertAuth\s*\(/i,
+        /\bgetAuth\s*\(/i,
+        /\brequireUser\s*\(/i,
+        /\bgetUser\s*\(\s*\)/i, // supabase.auth.getUser()
+        /const\s+\{\s*user\s*\}\s*=\s*await/i, // Destructuring pattern
+    ];
+    return throwingAuthPatterns.some(p => p.test(content));
+}
+//# sourceMappingURL=helpers.js.map

package/dist/detect/structural/dangerous-functions/utils/helpers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/helpers.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAKH,wCAGC;AAKD,oCASC;AAQD,kDAoCC;AAMD,gEAoEC;AAMD,sDAmBC;AAnKD;;GAEG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,UAAkB;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAC1B,OAAe,EACf,SAAiB,EACjB,OAAe;IAEf,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC3C,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,WAAmB,EACnB,OAAe,EACf,UAAkB;IAElB,uEAAuE;IACvE,iEAAiE;IACjE,EAAE;IACF,2BAA2B;IAC3B,8EAA8E;IAC9E,kDAAkD;IAClD,6EAA6E;IAC7E,EAAE;IACF,uEAAuE;IACvE,iDAAiD;IACjD,MAAM,cAAc,GAAG;QACrB,sFAAsF;QACtF,2BAA2B;QAC3B,sFAAsF;QACtF,2BAA2B;QAC3B,wEAAwE;QACxE,2BAA2B;QAC3B,2CAA2C;QAC3C,qCAAqC;QACrC,qCAAqC;QACrC,+BAA+B;QAC/B,+BAA+B;QAC/B,+BAA+B;QAC/B,2BAA2B;QAC3B,sBAAsB;QACtB,sBAAsB;KACvB,CAAA;IAED,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CACxC,OAAe,EACf,WAAmB;IAEnB,MAAM,kBAAkB,GAAG;QACzB,2DAA2D;QAC3D,+CAA+C;QAE/C,6DAA6D;QAC7D,wFAAwF;QAExF,2EAA2E;QAC3E,mFAAmF;QACnF,qDAAqD;QACrD,yDAAyD;QACzD,0DAA0D;QAC1D,oCAAoC;QAEpC,0BAA0B;QAC1B,wCAAwC;QACxC,uCAAuC;QACvC,gDAAgD;QAChD,sCAAsC;QACtC,2DAA2D;QAE3D,8BAA8B;QAC9B,kDAAkD;QAClD,6BAA6B;QAE7B,2BAA2B;QAC3B,gDAAgD;QAChD,4CAA4C;QAE5C,8BAA8B;QAC9B,+DAA+D;QAE/D,4CAA4C;QAC5C,oCAAoC,EAAE,2CAA2C;QAEjF,+BAA+B;QAC/B,2CAA2C;QAC3C,yCAAyC,EAAE,kBAAkB;QAE7D,mCAAmC;QACnC,sBAAsB;QAEtB,uCAAuC;QACvC,kCAAkC;KACnC,CAAA;IAED,6BAA6B;IAC7B,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACzE,OAAO,IAAI,CAAA;IACb,CAAC;IAED,wEAAwE;IACxE,wCAAwC;IACxC,0DAA0D;IAC1D,yDAAyD;IACzD,MAAM,cAAc,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1D,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC7D,MAAM,iBAAiB,GAAG,mDAAmD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAE3F,IAAI,cAAc,IAAI,kBAAkB,IAAI,iBAAiB,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,OAAe;IACnD,MAAM,oBAAoB,GAAG;QAC3B,0BAA0B;QAC1B,qBAAqB;QACrB,oBAAoB;QACpB,oCAAoC,EAAE,0BAA0B;QAChE,0BAA0B,EAAE,uBAAuB;QACnD,iCAAiC,EAAE,WAAW;QAC9C,mBAAmB,EAAE,sBAAsB;QAC3C,mBAAmB;QACnB,oBAAoB;QACpB,sBAAsB;QACtB,oBAAoB;QACpB,iBAAiB;QACjB,qBAAqB;QACrB,sBAAsB,EAAE,0BAA0B;QAClD,qCAAqC,EAAE,wBAAwB;KAChE,CAAA;IACD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACxD,CAAC"}

package/dist/detect/structural/dangerous-functions/utils/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Utility Functions Index
+ *
+ * Re-exports all utility functions from the dangerous-functions module.
+ */
+export { isInsideTryCatch, hasTryCatchNearby, extractFunctionContext, } from './control-flow';
+export { hasSchemaValidationNearby, hasManualValidation, hasSQLWhitelistValidation, } from './schema-validation';
+export { getLineContent, getLineRange, hasOnlyStaticInputs, hasPathTraversalProtection, hasThrowingAuthHelper, } from './helpers';
+//# sourceMappingURL=index.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,gBAAgB,CAAA;AAEvB,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,cAAc,EACd,YAAY,EACZ,mBAAmB,EACnB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,WAAW,CAAA"}

package/dist/detect/structural/dangerous-functions/utils/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+/**
+ * Utility Functions Index
+ *
+ * Re-exports all utility functions from the dangerous-functions module.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasThrowingAuthHelper = exports.hasPathTraversalProtection = exports.hasOnlyStaticInputs = exports.getLineRange = exports.getLineContent = exports.hasSQLWhitelistValidation = exports.hasManualValidation = exports.hasSchemaValidationNearby = exports.extractFunctionContext = exports.hasTryCatchNearby = exports.isInsideTryCatch = void 0;
+var control_flow_1 = require("./control-flow");
+Object.defineProperty(exports, "isInsideTryCatch", { enumerable: true, get: function () { return control_flow_1.isInsideTryCatch; } });
+Object.defineProperty(exports, "hasTryCatchNearby", { enumerable: true, get: function () { return control_flow_1.hasTryCatchNearby; } });
+Object.defineProperty(exports, "extractFunctionContext", { enumerable: true, get: function () { return control_flow_1.extractFunctionContext; } });
+var schema_validation_1 = require("./schema-validation");
+Object.defineProperty(exports, "hasSchemaValidationNearby", { enumerable: true, get: function () { return schema_validation_1.hasSchemaValidationNearby; } });
+Object.defineProperty(exports, "hasManualValidation", { enumerable: true, get: function () { return schema_validation_1.hasManualValidation; } });
+Object.defineProperty(exports, "hasSQLWhitelistValidation", { enumerable: true, get: function () { return schema_validation_1.hasSQLWhitelistValidation; } });
+var helpers_1 = require("./helpers");
+Object.defineProperty(exports, "getLineContent", { enumerable: true, get: function () { return helpers_1.getLineContent; } });
+Object.defineProperty(exports, "getLineRange", { enumerable: true, get: function () { return helpers_1.getLineRange; } });
+Object.defineProperty(exports, "hasOnlyStaticInputs", { enumerable: true, get: function () { return helpers_1.hasOnlyStaticInputs; } });
+Object.defineProperty(exports, "hasPathTraversalProtection", { enumerable: true, get: function () { return helpers_1.hasPathTraversalProtection; } });
+Object.defineProperty(exports, "hasThrowingAuthHelper", { enumerable: true, get: function () { return helpers_1.hasThrowingAuthHelper; } });
+//# sourceMappingURL=index.js.map

package/dist/detect/structural/dangerous-functions/utils/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,+CAIuB;AAHrB,gHAAA,gBAAgB,OAAA;AAChB,iHAAA,iBAAiB,OAAA;AACjB,sHAAA,sBAAsB,OAAA;AAGxB,yDAI4B;AAH1B,8HAAA,yBAAyB,OAAA;AACzB,wHAAA,mBAAmB,OAAA;AACnB,8HAAA,yBAAyB,OAAA;AAG3B,qCAMkB;AALhB,yGAAA,cAAc,OAAA;AACd,uGAAA,YAAY,OAAA;AACZ,8GAAA,mBAAmB,OAAA;AACnB,qHAAA,0BAA0B,OAAA;AAC1B,gHAAA,qBAAqB,OAAA"}

package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Schema Validation Detection Utilities
+ *
+ * Functions for detecting schema validation patterns (zod, yup, joi, etc.)
+ * and manual validation patterns.
+ */
+/**
+ * Check if schema validation is applied near a JSON.parse call
+ * Looks for zod, yup, joi, or similar validation patterns
+ */
+export declare function hasSchemaValidationNearby(content: string, lineNumber: number): boolean;
+/**
+ * Check if this file appears to have form/input validation elsewhere
+ * (manual checks on body fields, type guards, etc.)
+ */
+export declare function hasManualValidation(content: string): boolean;
+/**
+ * Check if SQL query uses whitelist validation pattern
+ * e.g., columns validated against allowedColumns array before use
+ */
+export declare function hasSQLWhitelistValidation(content: string, lineNumber: number): boolean;
+//# sourceMappingURL=schema-validation.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"schema-validation.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/schema-validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAkCtF;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAe5D;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAiCtF"}

package/dist/detect/structural/dangerous-functions/utils/schema-validation.js ADDED Viewed

@@ -0,0 +1,102 @@
+"use strict";
+/**
+ * Schema Validation Detection Utilities
+ *
+ * Functions for detecting schema validation patterns (zod, yup, joi, etc.)
+ * and manual validation patterns.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasSchemaValidationNearby = hasSchemaValidationNearby;
+exports.hasManualValidation = hasManualValidation;
+exports.hasSQLWhitelistValidation = hasSQLWhitelistValidation;
+/**
+ * Check if schema validation is applied near a JSON.parse call
+ * Looks for zod, yup, joi, or similar validation patterns
+ */
+function hasSchemaValidationNearby(content, lineNumber) {
+    const lines = content.split('\n');
+    const start = Math.max(0, lineNumber - 5);
+    const end = Math.min(lines.length, lineNumber + 10);
+    const context = lines.slice(start, end).join('\n');
+    const schemaValidationPatterns = [
+        // Zod patterns
+        /z\.(object|string|number|array|boolean)\s*\(/i,
+        /\.parse\s*\(/i,
+        /\.safeParse\s*\(/i,
+        /schema\.parse/i,
+        /Schema\.parse/i,
+        // Yup patterns
+        /yup\.(object|string|number|array|boolean)\s*\(/i,
+        /\.validate\s*\(/i,
+        /\.validateSync\s*\(/i,
+        // Joi patterns
+        /Joi\.(object|string|number|array|boolean)\s*\(/i,
+        /\.validateAsync\s*\(/i,
+        // Valibot patterns
+        /v\.(object|string|number|array|boolean)\s*\(/i,
+        // AJV patterns
+        /ajv\.compile/i,
+        /validate\s*\(\s*schema/i,
+        // TypeBox patterns
+        /Type\.(Object|String|Number|Array|Boolean)\s*\(/i,
+        // Generic validation patterns
+        /validateSchema/i,
+        /schemaValidator/i,
+        /parseAndValidate/i,
+    ];
+    return schemaValidationPatterns.some(p => p.test(context));
+}
+/**
+ * Check if this file appears to have form/input validation elsewhere
+ * (manual checks on body fields, type guards, etc.)
+ */
+function hasManualValidation(content) {
+    const manualValidationPatterns = [
+        // Type checking / type guards
+        /typeof\s+\w+\s*[!=]==?\s*['"](?:string|number|boolean|object)['"]|Array\.isArray\s*\(/i,
+        // Field existence checks followed by throws/returns
+        /if\s*\(\s*!(?:body|data|input)\.\w+\s*\)\s*\{?\s*(throw|return)/i,
+        // Property access with type assertion comments or inline validation
+        /\b(body|data|input)\s*as\s+\w+/i, // Type assertion
+        // Manual validation with error handling
+        /if\s*\(\s*![\w.]+\s*\|\|\s*typeof\s+[\w.]+/i,
+        // Using type predicates
+        /is\w+\s*\([\w.]+\)/i, // isFoo(bar) pattern
+    ];
+    return manualValidationPatterns.some(p => p.test(content));
+}
+/**
+ * Check if SQL query uses whitelist validation pattern
+ * e.g., columns validated against allowedColumns array before use
+ */
+function hasSQLWhitelistValidation(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 20);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    // Whitelist/allowlist validation patterns
+    const whitelistPatterns = [
+        // Array-based whitelists
+        /allowed\w*\s*=\s*\[/i, // allowedColumns = [...]
+        /whitelist\w*\s*=\s*\[/i, // whitelistFields = [...]
+        /valid\w*\s*=\s*\[/i, // validColumns = [...]
+        /\.filter\s*\([^)]*\.includes\s*\(/i, // .filter(c => allowed.includes(c))
+        /\.includes\s*\([^)]*\)/i, // allowedColumns.includes(col)
+        /\.every\s*\([^)]*\.includes/i, // columns.every(c => allowed.includes(c))
+        /if\s*\(\s*!.*\.includes/i, // if (!allowed.includes(...))
+        // Object-based whitelists (Record<string, string>)
+        /\w+\s+in\s+\w*(?:sortable|allowed|valid|whitelist)\w*/i, // sorter in sortableFields
+        /\w+\s+in\s+\w+Fields/i, // key in someFields
+        /:\s*Record<string,\s*string>/i, // Type annotation: Record<string, string>
+        /const\s+\w+Fields\s*:\s*\{[^}]*\}\s*=/i, // const xyzFields: {...} = (inline type)
+        /const\s+\w+Fields\s*=\s*\{[^}]*\}/i, // const xyzFields = { ... }
+        /if\s*\([^)]*\s+in\s+\w+Fields\s*\)/i, // if (x in yFields)
+        /&&\s*\w+\s+in\s+\w+/i, // && sorter in sortableFields
+        // Enum-based validation (ASC/DESC, etc.)
+        /===?\s*['"](?:ASC|DESC)['"]/i, // === 'ASC' or === 'DESC'
+        /===?\s*\w+\.(?:Asc|Desc|ASC|DESC)/i, // === SortType.Asc
+        /toLowerCase\s*\(\s*\)\s*===?\s*\w+\.(?:asc|desc)/i, // .toLowerCase() === SortType.asc
+    ];
+    return whitelistPatterns.some(p => p.test(context));
+}
+//# sourceMappingURL=schema-validation.js.map

package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"schema-validation.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/schema-validation.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAMH,8DAkCC;AAMD,kDAeC;AAMD,8DAiCC;AAlGD;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe,EAAE,UAAkB;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAElD,MAAM,wBAAwB,GAAG;QAC/B,eAAe;QACf,+CAA+C;QAC/C,eAAe;QACf,mBAAmB;QACnB,gBAAgB;QAChB,gBAAgB;QAChB,eAAe;QACf,iDAAiD;QACjD,kBAAkB;QAClB,sBAAsB;QACtB,eAAe;QACf,iDAAiD;QACjD,uBAAuB;QACvB,mBAAmB;QACnB,+CAA+C;QAC/C,eAAe;QACf,eAAe;QACf,yBAAyB;QACzB,mBAAmB;QACnB,kDAAkD;QAClD,8BAA8B;QAC9B,iBAAiB;QACjB,kBAAkB;QAClB,mBAAmB;KACpB,CAAA;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,wBAAwB,GAAG;QAC/B,8BAA8B;QAC9B,wFAAwF;QACxF,oDAAoD;QACpD,kEAAkE;QAClE,oEAAoE;QACpE,iCAAiC,EAAE,iBAAiB;QACpD,wCAAwC;QACxC,6CAA6C;QAC7C,wBAAwB;QACxB,qBAAqB,EAAE,qBAAqB;KAC7C,CAAA;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe,EAAE,UAAkB;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,0CAA0C;IAC1C,MAAM,iBAAiB,GAAG;QACxB,yBAAyB;QACzB,sBAAsB,EAAE,yBAAyB;QACjD,wBAAwB,EAAE,0BAA0B;QACpD,oBAAoB,EAAE,uBAAuB;QAC7C,oCAAoC,EAAE,oCAAoC;QAC1E,yBAAyB,EAAE,+BAA+B;QAC1D,8BAA8B,EAAE,0CAA0C;QAC1E,0BAA0B,EAAE,8BAA8B;QAE1D,mDAAmD;QACnD,wDAAwD,EAAE,2BAA2B;QACrF,uBAAuB,EAAE,oBAAoB;QAC7C,+BAA+B,EAAE,0CAA0C;QAC3E,wCAAwC,EAAE,yCAAyC;QACnF,oCAAoC,EAAE,4BAA4B;QAClE,qCAAqC,EAAE,oBAAoB;QAC3D,sBAAsB,EAAE,8BAA8B;QAEtD,yCAAyC;QACzC,8BAA8B,EAAE,0BAA0B;QAC1D,oCAAoC,EAAE,mBAAmB;QACzD,mDAAmD,EAAE,kCAAkC;KACxF,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC"}

package/dist/detect/structural/data-exposure.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Layer 2: Data Exposure Detection
+ * Identifies sensitive data in logs vs API responses with appropriate severity
+ * Separates "logging concerns" from "response exposure" which have different risk profiles
+ */
+import type { Vulnerability } from '../../shared/types';
+import type { ParsedFile } from '../../shared/parsed-file';
+/**
+ * Detect sensitive data exposure in logs and API responses
+ */
+export declare function detectDataExposure(content: string, filePath: string, options?: {
+    parsed?: ParsedFile;
+}): Vulnerability[];
+/**
+ * Check if error handling follows safe patterns
+ * Returns true if the error handling appears safe
+ */
+export declare function isSafeErrorHandling(lineContent: string, surroundingLines: string[]): boolean;
+//# sourceMappingURL=data-exposure.d.ts.map

package/dist/detect/structural/data-exposure.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"data-exposure.d.ts","sourceRoot":"","sources":["../../../src/detect/structural/data-exposure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAyI1D;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CAqIjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,OAAO,CAW5F"}

package/dist/detect/structural/data-exposure.js ADDED Viewed

@@ -0,0 +1,262 @@
+"use strict";
+/**
+ * Layer 2: Data Exposure Detection
+ * Identifies sensitive data in logs vs API responses with appropriate severity
+ * Separates "logging concerns" from "response exposure" which have different risk profiles
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectDataExposure = detectDataExposure;
+exports.isSafeErrorHandling = isSafeErrorHandling;
+const file_classifier_1 = require("../../parse/file-classifier");
+const BASE_CONFIDENCE = 0.40;
+const DATA_EXPOSURE_PATTERNS = [
+    // ============================================================================
+    // LOG SINKS - DISABLED
+    // Server logs are never exposed to users. After analysis of real codebases,
+    // 100% of console.error/warn findings were false positives.
+    // Logging is a standard debugging practice, not a security vulnerability.
+    // ============================================================================
+    // NOTE: The following patterns have been REMOVED to eliminate false positives:
+    // - 'Logging user ID' - user IDs in logs are standard practice
+    // - 'Logging error objects' - console.error(err) is correct error handling
+    // - 'Logging request body' - server logs are not exposed to clients
+    // - 'JSON.stringify error to log' - serializing errors for logs is fine
+    // ============================================================================
+    // RESPONSE SINKS (higher severity - exposed to clients)
+    // These are actual information disclosure risks
+    // ============================================================================
+    // Error stack traces in responses - CRITICAL
+    {
+        name: 'Stack trace in response',
+        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\([^)]*\.stack|NextResponse\.json\s*\([^)]*\.stack/gi,
+        sink: 'response',
+        severity: 'high',
+        description: 'Stack trace exposed in API response. Reveals internal code paths and file structure to clients.',
+        suggestedFix: 'Never return stack traces to clients. Log server-side, return generic error message.',
+    },
+    {
+        name: 'Full error object in response',
+        pattern: /res\.(json|send)\s*\(\s*(err|error|e)\s*\)|NextResponse\.json\s*\(\s*(err|error|e)\s*\)/gi,
+        sink: 'response',
+        severity: 'high',
+        description: 'Entire error object returned to client. May expose stack traces, internal paths, and sensitive details.',
+        suggestedFix: 'Return only { error: message } or a structured error response. Never return raw error objects.',
+    },
+    {
+        name: 'Error object spread in response',
+        pattern: /res\.(json|send)\s*\(\s*\{[^}]*\.\.\.\s*(err|error|e)[^}]*\}|NextResponse\.json\s*\(\s*\{[^}]*\.\.\.\s*(err|error|e)/gi,
+        sink: 'response',
+        severity: 'high',
+        description: 'Error object spread into response. May expose stack traces and internal details.',
+        suggestedFix: 'Pick only safe properties: { error: err.message, code: err.code }',
+    },
+    {
+        name: 'Detailed error in response',
+        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\(\s*\{[^}]*(details|internal|debug|trace|stack)/gi,
+        sink: 'response',
+        severity: 'medium',
+        description: 'Detailed/internal error information in response may leak implementation details.',
+        suggestedFix: 'Remove detailed/internal/debug/trace information from client-facing error responses.',
+    },
+    // Error message in response - SAFE PATTERN (info only)
+    {
+        name: 'Error message in response (safe pattern)',
+        pattern: /res\.(json|send)\s*\([^)]*error:\s*(error|err|e)\.message|NextResponse\.json\s*\([^)]*error:\s*(error|err|e)\.message/gi,
+        sink: 'response',
+        severity: 'info',
+        description: 'Error message returned to client. Generally safe - this is the recommended error response pattern.',
+        suggestedFix: 'Verify error messages don\'t contain sensitive data. Consider using generic messages for auth errors.',
+    },
+    {
+        name: 'Error message with toString',
+        pattern: /res\.(json|send)\s*\([^)]*error:\s*(error|err|e)\.toString|NextResponse\.json\s*\([^)]*error:\s*(error|err|e)\.toString/gi,
+        sink: 'response',
+        severity: 'low',
+        description: 'Error.toString() returned to client. May include error name and message - verify no sensitive data.',
+        suggestedFix: 'Prefer error.message over error.toString() for cleaner output.',
+    },
+    {
+        name: 'String error message in response',
+        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\(\s*\{\s*(error|message):\s*['"`][^'"`]+['"`]\s*\}/gi,
+        sink: 'response',
+        severity: 'info',
+        description: 'Static/string error message returned to client. This is the safest error response pattern.',
+        suggestedFix: 'No action needed - static error messages are safe.',
+    },
+    // ============================================================================
+    // BOTH SINKS (depends on context)
+    // ============================================================================
+    // Sensitive data exposure patterns
+    {
+        name: 'Exposing user object',
+        pattern: /res\.(json|send)\s*\([^)]*user\s*\)|NextResponse\.json\s*\([^)]*user\s*\)/gi,
+        sink: 'response',
+        severity: 'low',
+        description: 'User object returned in response. Ensure password hashes and sensitive fields are excluded.',
+        suggestedFix: 'Select only necessary user fields. Never expose password hashes, tokens, or internal IDs.',
+    },
+];
+/**
+ * Check if file path indicates low-risk logging context
+ */
+function isLowRiskLoggingFile(filePath) {
+    // Test files
+    if ((0, file_classifier_1.isTestOrMockFile)(filePath)) {
+        return true;
+    }
+    // Scripts, tools, CLI utilities
+    if (/\/(scripts?|tools?|cli|bin)\//i.test(filePath)) {
+        return true;
+    }
+    // Internal services/utilities (not API-facing)
+    if (/\/(services?|lib|utils?|helpers?)\//i.test(filePath) &&
+        !/\/(api|routes?)\//i.test(filePath)) {
+        return true;
+    }
+    // Component files (client-side, not API)
+    if (/\/(components?|pages?|views?)\//i.test(filePath) &&
+        !/route\.(ts|js)$/i.test(filePath)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Detect sensitive data exposure in logs and API responses
+ */
+function detectDataExposure(content, filePath, options) {
+    const vulnerabilities = [];
+    // Skip scanner/fixture files to avoid self-detection
+    if ((0, file_classifier_1.isScannerOrFixtureFile)(filePath))
+        return vulnerabilities;
+    const lines = options?.parsed?.lines ?? content.split('\n');
+    const isTestFile = (0, file_classifier_1.isTestOrMockFile)(filePath);
+    const isLowRiskFile = isLowRiskLoggingFile(filePath);
+    // Determine if this is likely an API route file
+    const isApiFile = /\/(api|routes?|handlers?|controllers?)\//i.test(filePath) ||
+        /route\.(ts|js)$/i.test(filePath);
+    // Track log findings for aggregation
+    const logFindings = [];
+    lines.forEach((line, index) => {
+        // Skip comments
+        if ((0, file_classifier_1.isComment)(line))
+            return;
+        for (const pattern of DATA_EXPOSURE_PATTERNS) {
+            const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+            if (regex.test(line)) {
+                let severity = pattern.severity;
+                let description = pattern.description;
+                // Adjust severity based on context
+                if (isTestFile) {
+                    severity = 'info';
+                    description = `${description} (in test file)`;
+                }
+                // Log sinks get special handling for aggregation
+                if (pattern.sink === 'log') {
+                    // In low-risk files, just aggregate without reporting individual findings
+                    if (isLowRiskFile && severity === 'info') {
+                        logFindings.push({ lineNumber: index + 1, lineContent: line.trim(), name: pattern.name });
+                        break;
+                    }
+                    // Log sinks in non-API files are lower priority
+                    if (!isApiFile) {
+                        if (severity === 'low')
+                            severity = 'info';
+                    }
+                    // Track for aggregation if info severity
+                    if (severity === 'info') {
+                        logFindings.push({ lineNumber: index + 1, lineContent: line.trim(), name: pattern.name });
+                        break;
+                    }
+                }
+                // Response sinks in API files are higher priority
+                if (pattern.sink === 'response' && isApiFile) {
+                    // Keep original severity - these are more critical in API routes
+                }
+                vulnerabilities.push({
+                    id: `data-exposure-${filePath}-${index + 1}-${pattern.name}`,
+                    filePath,
+                    lineNumber: index + 1,
+                    lineContent: line.trim(),
+                    severity,
+                    category: 'data_exposure',
+                    title: pattern.name,
+                    description,
+                    suggestedFix: pattern.suggestedFix,
+                    confidence: isTestFile ? 'low' : 'medium',
+                    baseConfidence: BASE_CONFIDENCE,
+                    layer: 2,
+                    source: 'structural',
+                });
+                break; // Only one finding per line
+            }
+        }
+    });
+    // Aggregate info-level log findings if there are many
+    if (logFindings.length >= 3) {
+        const lineNumbers = logFindings.map(f => f.lineNumber).slice(0, 5);
+        const moreText = logFindings.length > 5 ? `... (${logFindings.length} total)` : '';
+        // Group by pattern name
+        const patternCounts = new Map();
+        for (const finding of logFindings) {
+            patternCounts.set(finding.name, (patternCounts.get(finding.name) || 0) + 1);
+        }
+        const patternSummary = Array.from(patternCounts.entries())
+            .map(([name, count]) => `${count}x ${name}`)
+            .join(', ');
+        vulnerabilities.push({
+            id: `data-exposure-aggregated-${filePath}`,
+            filePath,
+            lineNumber: logFindings[0].lineNumber,
+            lineContent: `${logFindings.length} instances across this file`,
+            severity: 'info',
+            category: 'data_exposure',
+            title: `Logging patterns (${logFindings.length} instances)`,
+            description: `${patternSummary}. Review for sensitive data exposure.\n\nFound ${logFindings.length} occurrences at lines: ${lineNumbers.join(', ')}${moreText}`,
+            suggestedFix: 'Ensure logs have appropriate access controls and do not contain sensitive user data.',
+            confidence: 'low',
+            baseConfidence: BASE_CONFIDENCE,
+            layer: 2,
+            source: 'structural',
+        });
+    }
+    else if (logFindings.length > 0) {
+        // Report individually for small counts
+        for (const finding of logFindings) {
+            const pattern = DATA_EXPOSURE_PATTERNS.find(p => p.name === finding.name);
+            if (pattern) {
+                vulnerabilities.push({
+                    id: `data-exposure-${filePath}-${finding.lineNumber}-${finding.name}`,
+                    filePath,
+                    lineNumber: finding.lineNumber,
+                    lineContent: finding.lineContent,
+                    severity: 'info',
+                    category: 'data_exposure',
+                    title: pattern.name,
+                    description: pattern.description,
+                    suggestedFix: pattern.suggestedFix,
+                    confidence: 'low',
+                    baseConfidence: BASE_CONFIDENCE,
+                    layer: 2,
+                    source: 'structural',
+                });
+            }
+        }
+    }
+    return vulnerabilities;
+}
+/**
+ * Check if error handling follows safe patterns
+ * Returns true if the error handling appears safe
+ */
+function isSafeErrorHandling(lineContent, surroundingLines) {
+    // Safe patterns: only returning error.message, using generic messages
+    const safePatterns = [
+        /error:\s*['"`].*['"`]/, // Generic string message
+        /error:\s*error\.message/, // Only message property
+        /error:\s*err\.message/,
+        /message:\s*(error|err)\.message/,
+        /status\(\d+\)\.json\(\s*\{\s*error:/, // Status code + error object (common pattern)
+    ];
+    return safePatterns.some(p => p.test(lineContent));
+}
+//# sourceMappingURL=data-exposure.js.map

package/dist/detect/structural/data-exposure.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"data-exposure.js","sourceRoot":"","sources":["../../../src/detect/structural/data-exposure.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA+IH,gDAyIC;AAMD,kDAWC;AArSD,iEAAiG;AAEjG,MAAM,eAAe,GAAG,IAAI,CAAA;AAW5B,MAAM,sBAAsB,GAA0B;IACpD,+EAA+E;IAC/E,uBAAuB;IACvB,4EAA4E;IAC5E,4DAA4D;IAC5D,0EAA0E;IAC1E,+EAA+E;IAE/E,+EAA+E;IAC/E,+DAA+D;IAC/D,2EAA2E;IAC3E,oEAAoE;IACpE,wEAAwE;IAExE,+EAA+E;IAC/E,wDAAwD;IACxD,gDAAgD;IAChD,+EAA+E;IAE/E,6CAA6C;IAC7C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,6FAA6F;QACtG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iGAAiG;QAC9G,YAAY,EAAE,sFAAsF;KACrG;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2FAA2F;QACpG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yGAAyG;QACtH,YAAY,EAAE,gGAAgG;KAC/G;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,wHAAwH;QACjI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,mEAAmE;KAClF;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,2FAA2F;QACpG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,sFAAsF;KACrG;IAED,uDAAuD;IACvD;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,yHAAyH;QAClI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE,uGAAuG;KACtH;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,2HAA2H;QACpI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,qGAAqG;QAClH,YAAY,EAAE,gEAAgE;KAC/E;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,8FAA8F;QACvG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4FAA4F;QACzG,YAAY,EAAE,oDAAoD;KACnE;IAED,+EAA+E;IAC/E,kCAAkC;IAClC,+EAA+E;IAE/E,mCAAmC;IACnC;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,6EAA6E;QACtF,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,2FAA2F;KAC1G;CACF,CAAA;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,aAAa;IACb,IAAI,IAAA,kCAAgB,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,gCAAgC;IAChC,IAAI,gCAAgC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+CAA+C;IAC/C,IAAI,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACrD,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,yCAAyC;IACzC,IAAI,kCAAkC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjD,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;IAEpD,gDAAgD;IAChD,MAAM,SAAS,GAAG,2CAA2C,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC1D,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAEnD,qCAAqC;IACrC,MAAM,WAAW,GAAgE,EAAE,CAAA;IAEnF,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,gBAAgB;QAChB,IAAI,IAAA,2BAAS,EAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAEvE,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;gBAC/B,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;gBAErC,mCAAmC;gBACnC,IAAI,UAAU,EAAE,CAAC;oBACf,QAAQ,GAAG,MAAM,CAAA;oBACjB,WAAW,GAAG,GAAG,WAAW,iBAAiB,CAAA;gBAC/C,CAAC;gBAED,iDAAiD;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBAC3B,0EAA0E;oBAC1E,IAAI,aAAa,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;wBACzC,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;wBACzF,MAAK;oBACP,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,IAAI,QAAQ,KAAK,KAAK;4BAAE,QAAQ,GAAG,MAAM,CAAA;oBAC3C,CAAC;oBAED,yCAAyC;oBACzC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;wBACxB,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;wBACzF,MAAK;oBACP,CAAC;gBACH,CAAC;gBAED,kDAAkD;gBAClD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,IAAI,SAAS,EAAE,CAAC;oBAC7C,iEAAiE;gBACnE,CAAC;gBAED,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,iBAAiB,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE;oBAC5D,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ;oBACR,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,OAAO,CAAC,IAAI;oBACnB,WAAW;oBACX,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;oBACzC,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,YAAqB;iBAC5B,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,sDAAsD;IACtD,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,EAAE,CAAA;QAElF,wBAAwB;QACxB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAA;QAC/C,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAC7E,CAAC;QACD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;aACvD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,IAAI,EAAE,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,4BAA4B,QAAQ,EAAE;YAC1C,QAAQ;YACR,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,UAAU;YACrC,WAAW,EAAE,GAAG,WAAW,CAAC,MAAM,6BAA6B;YAC/D,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,qBAAqB,WAAW,CAAC,MAAM,aAAa;YAC3D,WAAW,EAAE,GAAG,cAAc,kDAAkD,WAAW,CAAC,MAAM,0BAA0B,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,EAAE;YAC/J,YAAY,EAAE,sFAAsF;YACpG,UAAU,EAAE,KAAK;YACjB,cAAc,EAAE,eAAe;YAC/B,KAAK,EAAE,CAAC;YACN,MAAM,EAAE,YAAqB;SAChC,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,uCAAuC;QACvC,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,OAAO,EAAE,CAAC;gBACZ,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,iBAAiB,QAAQ,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE;oBACrE,QAAQ;oBACR,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,OAAO,CAAC,IAAI;oBACnB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,UAAU,EAAE,KAAK;oBACjB,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,YAAqB;iBAC5B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,WAAmB,EAAE,gBAA0B;IACjF,sEAAsE;IACtE,MAAM,YAAY,GAAG;QACnB,uBAAuB,EAAG,yBAAyB;QACnD,yBAAyB,EAAG,wBAAwB;QACpD,uBAAuB;QACvB,iCAAiC;QACjC,qCAAqC,EAAG,8CAA8C;KACvF,CAAA;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACpD,CAAC"}

package/dist/detect/structural/framework-checks.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Layer 2: Framework-Specific Security Checks
+ * Detects security issues specific to popular frameworks (Next.js, Express, React, etc.)
+ */
+import type { Vulnerability } from '../../shared/types';
+import type { ParsedFile } from '../../shared/parsed-file';
+export declare function detectFrameworkIssues(content: string, filePath: string, options?: {
+    parsed?: ParsedFile;
+}): Vulnerability[];
+//# sourceMappingURL=framework-checks.d.ts.map